If you've ever looked at the list of system applications on a Xiaomi smartphone, you've probably noticed a strange name: CAcertApp. This utility software doesn't have a label on the desktop, doesn't show up in the app menu, but it takes up space in memory and sometimes appears in the system logs. What is it? Why is it needed? And why can't it be removed in standard ways?
In this article, we will discuss in detail how CAcertApp works on Xiaomi, Redmi and other devices. POCO, We will explain its connection to connection security, and show you how to properly manage root certificates if you have errors when connecting to Wi-Fi, websites or corporate networks. NET::ERR_CERT_AUTHORITY_INVALID or applications refuse to work with HTTPS.
Spoiler: 90 percent of the time, CAcertApp doesn't require manual intervention, but if you've experienced certificate errors after resetting, firmware or custom software, our instructions will help you get everything back to work.
What is CAcertApp on Xiaomi and why you need it
CAcertApp (Certificate Authority Application) is a system application responsible for managing root certificates on Xiaomi devices, built into MIUI firmware and runs in the background, providing:
- π Authentication SSL/TLS-Certificates when connecting to secure sites (HTTPS), Wi-Fi networks with encryption and corporate VPN.
- π± Storage of Trusted Certification Centers (CA), Resources that confirm the legitimacy of resources (e.g. Let's Encrypt, DigiCert, GlobalSign).
- π Automatically update the list of trusted certificates through security updates MIUI.
- π‘οΈ Protection against man-in-the-middle attacks" (MITM), When an attacker replaces certificates to intercept traffic.
In fact, CAcertApp is the equivalent of a certificate store in Windows or macOS, but adapted for Android. Without it, your smartphone would not be able to distinguish a real vk.com site from a phishing copy, and banking applications would not work due to the lack of trusted root centers.
It is important to understand that it is not a virus or spyware. Xiaomi does not collect your data through it β the application works locally and only interacts with Android system components. However, in some cases (for example, when using custom firmware or rooting), its operation may be disrupted, which leads to connection errors.
Where is CAcertApp and how to find it
Since CAcertApp is a system application, it doesn't appear in the main menu. To find it, follow these steps:
- Open Settings β Applications β Application Management.
- Click on the three dots in the upper right corner and select Show System Processes.
- In the search bar, type CAcertApp or com.android.cacertapp.
- The results will show an app with a grey lock icon (or without an icon).
In some versions of MIUI (e.g. MIUI 14 and later), the path may be slightly different:
Settings β Applications β All applications β Filter βSystemβ β Search βCAcertβIf you don't find the app through the interface, you can use ADB (Android Debug Bridge) and connect the smartphone to your PC and follow the command:
adb shell pm list packages | grep cacertThis will bring the full path to the package, for example: package:com.android.cacertapp.
π‘
Do not try to remove CAcertApp through standard settings β this will cause malfunctions in the work. HTTPS-If you want to free up space, you better turn off the app cache in its settings.
Typical CAcertApp Problems and How to Solve Them
In most cases, CAcertApp works invisibly, but sometimes users experience errors, and here are the most common symptoms and their causes:
| Problem. | Possible cause | Decision |
|---|---|---|
| Mistake. NET::ERR_CERT_AUTHORITY_INVALID browser-wise | There is no trusted root certificate for the site | Update certificates through Settings β Security β Trusted credentials |
| Applications cannot connect to HTTPS (e.g. banking) | Resetting settings or damage to the certificate repository | Install certificates manually or reset security settings |
| Wi-Fi with Enterprise encryption (802.1X) is not connected | There is no certificate for authentication | Import a network certificate through Wi-Fi settings β More |
| CAcertApp consumes a lot of battery | Background check of certificates with a weak Internet | Restart the device or clear the app cache |
If the problem persists after standard actions, try the following steps:
Reset network settings in Settings β Reset |
Update MIUI to the latest version|
Check the date and time on the device (incorrect settings cause certificate errors)|
Remove recently installed user certificates in Settings β Security-->
For advanced users, if errors occur after firmware or rooting, the certificate repository may be damaged.
adb shell cmd package compile -m speed -f com.android.cacertappIt reassembles the app cache, which sometimes solves problems with downloading certificates.
What to do if CAcertApp is completely off?
How to Update Certificates in CAcertApp
The list of trusted certificates is updated automatically through MIUI security updates, but if you encounter errors (for example, old sites stopped opening), you can force them to manually update them:
- Go to Settings β About the phone β System update.
- Click on the three dots in the top right corner and select Update Security Packages (if there is one).
- If there are no updates, check out the MIUI version β a full firmware update may be required.
For Android 12+ devices (including MIUI 13/14), certificates are updated through Google Play Services.
- π± Google Mobile Services is installed on the device (GMS).
- π Auto-Update Apps in Play Market Enabled.
- π There is a stable connection to the Internet (preferably Wi-Fi).
If you are using a device without GMS (e.g. Xiaomi for the Chinese market), the certificate update is only through firmware, in which case it is recommended to install global or European versions of MIUI, where GMS support is present out of the box.
π‘
On devices without Google Services (such as the Chinese version of Xiaomi), certificates are updated only through firmware, which can lead to delays in supporting new security standards.
Can I delete CAcertApp and what happens if I do it?
Technically, you can remove CAcertApp only with root rights or through ADB debugging USB. However, removal will lead to complete incapacity. HTTPS-Connections: Browsers, instant messengers and banking applications will no longer connect to protected resources, and Wi-Fi networks with Enterprise encryption will become unavailable.
If you still need to free up space or disable the application, do the following:
- Open the CAcertApp settings (as described above).
- Click Disable (Do not "Delete"!).
- Clear the cache and application data.
This won't delete the app completely, but it will stop its background activity.
β οΈ Warning: Disabling CAcertApp may cause malfunctions in applications using HTTPS (For example, WhatsApp, Telegram, bank clients, and you can only restore your work by restarting or returning the settings of the application to the factory.
For root-right users: If you have deleted CAcertApp and encountered problems, restore it from the backup or reflash the device. Restore via Titanium Backup or similar tools may not work due to off-the-shelf integration with the system.
CAcertApp and Enterprise Networks: Configuring User Certificates
If you connect to a corporate Wi-Fi network with WPA2-Enterprise encryption or use a VPN with certificates, you may need to install additional root certificates.
- Download the certificate (usually a file with the.crt or.pem extension) to the device.
- Go to Settings β Security β Install from storage (the path may vary depending on the version of MIUI).
- Select the downloaded file and confirm the installation.
- If necessary, specify the name of the certificate and select the scope (Wi-Fi, VPN or applications).
To connect to Wi-Fi with certificates:
- Open the Settings. β Wi-Fi.
- Select a network that requires a certificate.
- In the CA-certificate field, specify the certificate installed.
- Enter your login/password (if required) and connect.
If the certificate is not installed, check:
- π File format β only.crt,.pem and.der are supported.
- π Certificate not expired (check date in file properties).
- π± The device has enough free space (minimum 100 MB on the system partition).
β οΈ Note: Installing user certificates from unverified sources could put your device at risk MITM-Use only certificates provided by a network administrator or trusted organizations.
CAcertApp on custom firmware (LineageOS, Pixel Experience, etc.)
If you have custom firmware installed (like LineageOS, Pixel Experience, or Havoc-OS), CAcertApp may not work properly or at all.
- π¦ Unofficial firmware often lacks proprietary Xiaomi components.
- π Updating certificates via Google Play Services may be disabled.
- π§ The certificates can be replaced by a standard AOSP (Android Open Source Project).
To restore the working capacity:
- Install Open GApps (nano or pico package) β it contains up-to-date root certificates from Google.
- Or manually run MIUI CAcertApp through TWRP (if there is a compatible version for your model).
- Update your firmware to the latest version β many custom builds include fixes for working with certificates.
To check the current certificates on custom firmware, use the command:
adb shell cmd package list packages | grep -E'cacert|cert'If the output does not include com.android.cacertapp, then the application is missing and needs to be restored.